package com.calvin.study.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Authorization filter that decides whether the current user has permission to access the
 * requested resource.
 *
 * <p>The request path within the application is passed unchanged to
 * {@link Subject#isPermitted(String)}, so every protected URL must be granted as a permission
 * string that matches that path. The {@code mappedValue} from the filter-chain configuration is
 * not consulted.
 *
 * <p>NOTE(review): if the realm uses Shiro's default wildcard permission syntax, the characters
 * {@code ':'}, {@code ','} and {@code '*'} are treated as syntax and matching is
 * case-insensitive. Confirm that a path containing them cannot match a broader grant than
 * intended.
 *
 * <p>NOTE(review): the path checked here is the one Shiro computes. Confirm that the downstream
 * framework routes on the same normalized path (trailing slashes, path parameters, encoded
 * segments); a mismatch would let a request pass this check for one resource and reach another.
 *
 * @ClassName:CustomerAuthorizationFilter
 * @author:Calvin.W
 * @date:2022-06-08 14:31:40
 */
public class CustomerAuthorizationFilter extends AuthorizationFilter {

	/**
	 * Allows the request only when a principal is present and that principal is permitted for
	 * the request path.
	 *
	 * @param request     incoming request; must be an {@link HttpServletRequest}
	 * @param response    outgoing response, used only to look up the subject
	 * @param mappedValue filter-chain configuration for the matched path (unused)
	 * @return {@code false} when the subject has no principal; otherwise the result of
	 *         {@code isPermitted} for the path within the application
	 * @throws Exception declared by the overridden method
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		// Narrow to the HTTP request first, so a non-HTTP request fails before any subject lookup.
		final HttpServletRequest httpRequest = WebUtils.toHttp(request);
		final Subject currentUser = getSubject(request, response);
		final boolean hasPrincipal = currentUser.getPrincipal() != null;
		// Deny by default: without a principal the permission check is never evaluated.
		return hasPrincipal && currentUser.isPermitted(WebUtils.getPathWithinApplication(httpRequest));
	}

}
